A dynamic Android malware detection approach is proposed aiming at the low accuracy of static malware detection approaches by researching the system calls of Android applies.The system calls achieved by stimulated events of Android applies from the sandbox are characterized,and two feature representation methods are designed based on system call frequency and system call dependency respectively.Malware and goodware are distinguished by a classifier constructed by ensemble method.The two methods are tested on 3 000 Android applications from the third-part market.The experimental results show that,the feature representation method based on system call dependency is better than that based on system call frequency,and the ensemble-based classifier has a good detection accuracy of 95.84%.